Do user names used for login need to be unique?
Solution 1
It doesn't have to be unique. But if it's not it makes your life more difficult. Having a unique username means there is only one possible password for that username. If it's wrong, you don't have to go looking for another user with the same username to compare it to. It's gets really complicated when someone requests a missing password. How do you know who it is for? Email address? What if they don't use it anymore? Or forgot which one they used?
Recommendation: have unique logins. It's the best way to identify individuals.
Solution 2
Do they have to be unique?
No.
Should they be unique?
Depends upon what you think should happen when two users with the same username and password both try logging in at the same time.
Solution 3
A good way is to do this is have users login with email addresses and add a database field "nickname", which you set like "user3452" when the user registers and the user can change it to anything they want. But he still has to login with his email.
More users with the same username is a way to hell.
Solution 4
You always need a unique identifier for user logins. Usually this is the username but you could, for example, use the email address or your "separate unique index". I wouldn't recommend using the latter in the login form, it makes logging in more difficult.
You cannot force two users with the same username to use different passwords. This is very insecure because if I am refused registration with a particular combination, I now have the login credentials for another user.
Solution 5
It would save a lot of trouble down the road it the user names are unique from the get-go.
Related videos on Youtube
09 : 28
04 : 39
06 : 23
04 : 39
09 : 00
JDelage
Originally from France. I have been living in Seattle since Nov 98. I have a business education and worked for AMZN (98-03) and MSFT (03-08). I started to learn programming in late 2009. I'm very much a beginner at this point.
Updated on September 17, 2022Comments
-
JDelage over 1 year
Assuming a non-commercial site where users login with a user name and pw, do I need to enforce unicity of usernames?
Note: The db will use a separate unique index to identify the users.
The site is one where user can upload and share content, and have the possibility of doing that anonymously or not. However it is not primarily a social site.
-
icodestuff over 13 yearsNice reply: in the way it should be. Concise and open to deductions.
-
digit1001 over 13 yearsI was going to suggest this as well. Emails are a good login b/c they SHOULD be unique and offer a way to reset passwords.
